Privacy Act of 1974; System of Records, 32786-32789 [2019-14605]
Download as PDF
32786
Federal Register / Vol. 84, No. 131 / Tuesday, July 9, 2019 / Notices
(3150–XXXX), Attn: Desk Officer for the
Nuclear Regulatory Commission, 725
17th Street NW, Washington, DC 20503;
email: oira_submission@omb.eop.gov.
FOR FURTHER INFORMATION CONTACT:
David Cullison, NRC Clearance Officer,
U.S. Nuclear Regulatory Commission,
Washington, DC 20555–0001; telephone:
301–415–2084; email:
INFOCOLLECTS.Resource@nrc.gov.
SUPPLEMENTARY INFORMATION:
khammond on DSKBBV9HB2PROD with NOTICES
I. Obtaining Information and
Submitting Comments
A. Obtaining Information
Please refer to Docket ID NRC–2019–
0097 when contacting the NRC about
the availability of information for this
action. You may obtain publiclyavailable information related to this
action by any of the following methods:
• Federal rulemaking website: Go to
https://www.regulations.gov/ and search
for Docket ID NRC–2019–0097. A copy
of the collection of information and
related instructions may be obtained
without charge by accessing Docket ID
NRC–2019–0097 on this website.
• NRC’s Agencywide Documents
Access and Management System
(ADAMS): You may obtain publiclyavailable documents online in the
ADAMS Public Documents collection at
https://www.nrc.gov/reading-rm/
adams.html. To begin the search, select
‘‘ADAMS Public Documents’’ and then
select ‘‘Begin Web-based ADAMS
Search.’’ For problems with ADAMS,
please contact the NRC’s Public
Document Room (PDR) reference staff at
1–800–397–4209, 301–415–4737, or by
email to pdr.resource@nrc.gov. A copy
of the collection of information and
related instructions may be obtained
without charge by accessing ADAMS
Accession No. ML19177A082. The
supporting statement is available in
ADAMS under Accession No.
ML19177A084.
• NRC’s PDR: You may examine and
purchase copies of public documents at
the NRC’s PDR, Room O1–F21, One
White Flint North, 11555 Rockville
Pike, Rockville, Maryland 20852.
• NRC’s Clearance Officer: A copy of
the collection of information and related
instructions may be obtained without
charge by contacting the NRC’s
Clearance Officer, David Cullison,
Office of the Chief Information Officer,
U.S. Nuclear Regulatory Commission,
Washington, DC 20555–0001; telephone:
301–415–2084; email:
INFOCOLLECTS.Resource@NRC.GOV.
B. Submitting Comments
The NRC cautions you not to include
identifying or contact information in
VerDate Sep<11>2014
17:47 Jul 08, 2019
Jkt 247001
comment submissions that you do not
want to be publicly disclosed in your
comment submission. All comment
submissions are posted at https://
www.regulations.gov/ and entered into
ADAMS. Comment submissions are not
routinely edited to remove identifying
or contact information.
If you are requesting or aggregating
comments from other persons for
submission to the OMB, then you
should inform those persons not to
include identifying or contact
information that they do not want to be
publicly disclosed in their comment
submission. Your request should state
that comment submissions are not
routinely edited to remove such
information before making the comment
submissions available to the public or
entering the comment into ADAMS.
II. Background
Under the provisions of the
Paperwork Reduction Act of 1995 (44
U.S.C. chapter 35), the NRC recently
submitted a proposed collection of
information to OMB for review entitled,
‘‘Nuclear Energy Innovation and
Modernization Act Local Community
Advisory Board Questionnaire.’’ The
NRC hereby informs potential
respondents that an agency may not
conduct or sponsor, and that a person is
not required to respond to, a collection
of information unless it displays a
currently valid OMB control number.
The NRC published a Federal
Register notice with a 60-day comment
period on this information collection on
April 19, 2019 (84 FR 16547).
1. The title of the information
collection: Nuclear Energy Innovation
and Modernization Act Local
Community Advisory Board
Questionnaire.
2. OMB approval number: An OMB
control number has not yet been
assigned to this proposed information
collection.
3. Type of submission: New.
4. The form number if applicable: Not
applicable.
5. How often the collection is required
or requested: Once.
6. Who will be required or asked to
respond: Respondents will be the
existing local community advisory
boards in the vicinity of power reactors
undergoing decommissioning, similar
established stakeholder groups, or local
government organizations.
7. The estimated number of annual
responses: 15 (7 responses from sites
with established local community
advisory boards + 8 responses from sites
where local community advisory boards
have not been established).
PO 00000
Frm 00088
Fmt 4703
Sfmt 4703
8. The estimated number of annual
respondents: 15 (7 sites with established
local community advisory boards + 8
sites where local community advisory
boards have not been established).
9. An estimate of the total number of
hours needed annually to comply with
the information collection requirement
or request: 54 hours.
10. Abstract: The NRC is planning to
coordinate activities in accordance with
Section 108 of the Nuclear Energy
Innovation and Modernization Act to
collect information on the use of local
community advisory boards during
decommissioning activities and issue a
best practices report. In order to ensure
appropriate best practices are identified,
the NRC has developed a questionnaire
that will seek feedback in a number of
areas related to the formation and
operation of local community advisory
boards. The questionnaire will address
the following areas: The type of topics
that might be brought before a
community advisory board; how the
board’s input could inform the decisionmaking process for various
decommissioning stakeholders; how the
board might interact with other State
and Federal agencies to promote
dialogue between the licensee and
impacted stakeholders; and how the
board could offer opportunities for
public engagement throughout the
decommissioning process. The NRC will
issue a report to Congress in June 2020
identifying best practices for
establishment and operation of local
community advisory boards.
Dated at Rockville, Maryland, this 2nd day
of July, 2019.
For the Nuclear Regulatory Commission.
Kristen E. Benney,
Acting NRC Clearance Officer, Office of the
Chief Information Officer.
[FR Doc. 2019–14483 Filed 7–8–19; 8:45 am]
BILLING CODE 7590–01–P
PENSION BENEFIT GUARANTY
CORPORATION
Privacy Act of 1974; System of
Records
Pension Benefit Guaranty
Corporation.
ACTION: Notice of a new system of
records.
AGENCY:
The Pension Benefit Guaranty
Corporation (PBGC) is proposing the
following changes to its system of
records notices to establish a new
system of records PBGC–26: PBGC
Insider Threat and Data Loss
Prevention. The new system of records
will cover records about individuals,
SUMMARY:
E:\FR\FM\09JYN1.SGM
09JYN1
khammond on DSKBBV9HB2PROD with NOTICES
Federal Register / Vol. 84, No. 131 / Tuesday, July 9, 2019 / Notices
retrieved by personal identifier, which
are compiled and used by PBGC’s
Insider Threat and Data Loss Prevention
teams, to administer PBGC’s insider
threat and data loss prevention
programs. Because records in this
system include investigatory material
compiled for law enforcement purposes,
elsewhere in this issue of the Federal
Register PBGC has published a final
rule to exempt this system of records
from certain requirements of the Privacy
Act. The system of records is more fully
described in in the SUPPLEMENTARY
INFORMATION section of this notice and in
the System of Records Notice (SORN)
published in this notice.
DATES: Comments must be received on
or before August 8, 2019. The system of
records described herein will become
effective July 9, 2019, without further
notice, unless comments result in a
contrary determination and a notice is
published to that effect.
ADDRESSES: You may submit written
comments to PBGC by any of the
following methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
website instructions for submitting
comments.
• Email: reg.comments@pbgc.gov.
Refer to SORN in the subject line.
• Mail or Hand Delivery: Regulatory
Affairs Division, Office of the General
Counsel, Pension Benefit Guaranty
Corporation, 1200 K Street NW,
Washington, DC 20005–4026.
All submissions must include the
agency’s name (Pension Benefit
Guaranty Corporation, or PBGC) and
refer to ‘‘SORN.’’ All comments received
will be posted without change to
PBGC’s website, www.pbgc.gov,
including any personal information
provided. Copies of comments may also
be obtained by writing to Disclosure
Division, Office of the General Counsel,
Pension Benefit Guaranty Corporation,
1200 K Street NW, Washington, DC
20005–4026, or calling 202–326–4040
during normal business hours. (TTY
users may call the Federal relay service
toll-free at 1–800–877–8339 and ask to
be connected to 202–326–4040.)
FOR FURTHER INFORMATION CONTACT:
Margaret Drake, Chief Privacy Officer,
Pension Benefit Guaranty Corporation,
Office of the General Counsel, 1200 K
Street NW, Washington, DC 20005, 202–
326–4400, extension 6435. For access to
any of PBGC’s system of records, contact
D. Camilla Perry, Disclosure Officer,
Office of the General Counsel,
Disclosure Division, 1200 K Street NW,
Washington DC 20005, or by calling
202–326–4040.
VerDate Sep<11>2014
17:47 Jul 08, 2019
Jkt 247001
PBGC is
proposing to establish a new system of
records titled, ‘‘PBGC–26, PBGC Insider
Threat and Data Loss Prevention—
PBGC.’’ Executive Order 13587, issued
on October 7, 2011, mandated that
agencies with classified networks
establish insider threat programs. While
PBGC does not have any classified
networks, it does maintain a significant
amount of Controlled Unclassified
Information (CUI) that, under law, it is
required to safeguard from unauthorized
access or disclosure. One method
utilized by PBGC to ensure that only
those with a need-to-know have access
to CUI is a set of tools to minimize data
loss, whether inadvertent or intentional.
Working from the Minimum
Standards set forth in the Presidential
Memorandum—National Insider Threat
Policy and Minimum Standards for
Executive Branch Insider Threat
Programs (Nov. 21, 2012), PBGC is also
establishing an Insider Threat Program.
While PBGC is not legally mandated to
deploy an insider threat program, the
principles developed by the National
Institute of Standards and Technology
and the National Insider Threat Task
Force ‘‘can also be employed effectively
to improve the security of Controlled
Unclassified Information in nonnational security systems.’’ An
‘‘insider’’ is any individual authorized
to access PBGC facilities, information,
equipment, and systems. This includes
Federal employees and contractors. An
‘‘insider threat’’ occurs when that
individual exceeds their authorized
access, intentionally or not, or uses
information for an improper purpose,
including, but not limited to, personal
gain, which ‘‘negatively affect[s] the
confidentiality, integrity, or
availability’’ of PBGC data.
The records that PBGC will compile
to administer its data loss prevention
and insider threat programs may be
from any PBGC program, record, or
source, and may contain records
pertaining to information security,
personnel security, or physical security.
The records covered under PBGC–
26,PBGC Insider Threat and Data Loss
Prevention—PBGC, include
investigatory material compiled for law
enforcement purposes. Accordingly,
PBGC has published a Final Rule in the
Federal Register to exempt such
material in the new system or record
from certain requirements under the
Privacy Act of 1974 (5 U.S.C. 552a),
based on subsection (k)(2) of the Act.
The collection and maintenance of
these records is new. The
implementation of this new system of
records will be effective on July 9, 2019.
SUPPLEMENTARY INFORMATION:
PO 00000
Frm 00089
Fmt 4703
Sfmt 4703
32787
Issued in Washington, DC.
Gordon Hartogensis,
Director, Pension Benefit Guaranty
Corporation.
SYSTEM NAME AND NUMBER
PBGC—26: PBGC Insider Threat and
Data Loss Prevention—PBGC
SECURITY CLASSIFICATION
Unclassified
SYSTEM LOCATION
Pension Benefit Guaranty Corporation
(PBGC), 1200 K Street NW, Washington,
DC 20005. (Records may be kept at an
additional location as backup for
continuity of operations.)
SYSTEM MANAGER(S) AND ADDRESS
Chief Information Officer, Office of
Information Technology, PBGC, 1200 K
Street NW, Washington, DC 20005.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM
29 U.S.C. 1302(b)(3); 5 U.S.C. 301; 44
U.S.C. 3101; 44 U.S.C. 3554; Executive
Order 13587, Structural Reforms To
Improve the Security of Classified
Networks and the Responsible Sharing
and Safeguarding of Classified
Information (Oct. 7, 2011); Presidential
Memorandum—National Insider Threat
Policy and Minimum Standards for
Executive Branch Insider Threat
Programs (Nov. 21, 2012); Executive
Orders 13488 and 13467, as amended by
13764, To Modernize the Executive
Branch-Wide Governance Structure and
Processes for Security Clearances,
Suitability and Fitness for Employment,
and Credentialing, and Related Matters;
Executive Order 3356, Controlled
Unclassified Information (Nov. 4, 2010);
5 CFR part 731; 5 CFR part 302; OMB
Circular A–130 (July 28, 2016); National
Institute of Standards and Technology
Special Publication 800–53.
PURPOSE(S) OF THE SYSTEM
The purpose of the system is to detect
anomalous behavior by PBGC insiders
and, as warranted, gather information
from sources or existing PBGC systems
of records to support an investigation of
the incident.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM
The categories of individuals covered
by this system are PBGC insiders,
defined as any person with authorized
access to any PBGC resource including
facilities, information, equipment,
networks, or systems.
CATEGORIES OF RECORDS IN THE SYSTEM
A. THE SYSTEM WILL CONTAIN THESE CATEGORIES
OF RECORDS
Information collected through user
activity monitoring, including
E:\FR\FM\09JYN1.SGM
09JYN1
32788
Federal Register / Vol. 84, No. 131 / Tuesday, July 9, 2019 / Notices
keystrokes, screen captures, and content
transmitted via email, chat, or data
import or export.
Reports of investigation regarding
security violations and privacy
breaches, including incident reports;
usernames and aliases, levels of network
access, audit data, information regarding
misuse of PBGC devices, information
regarding unauthorized use of
removable media, and logs of printer,
copier, and facsimile machine use.
Records relating to the management
and operation of PBGC personnel and
physical security, including information
relating to continued eligibility for
access to PBGC facilities, information,
and information systems.
Information identifying threats to
PBGC personnel, property, facilities,
and information; information obtained
from the Department of Justice, the
Federal Bureau of Investigation, or from
other agencies or organizations about
individuals known or suspected of
being engaged in conduct constituting,
preparing for, aiding, or relating to an
insider threat, including espionage or
unauthorized disclosure of personally
identifiable information (PII).
B. THE SYSTEM MAY INCLUDE THESE CATEGORIES
OF RECORDS
Publicly available information, such
as information regarding: Arrests and
detentions; real property; bankruptcy;
liens or holds on property; vehicles;
licensure (including professional and
pilot’s licenses, firearms and explosive
permits); business licenses and filings;
and from social media.
Reports furnished to the PBGC, or
collected by PBGC, in connection with
personnel security investigations and
Insider Threat Detection Program
operated by PBGC pursuant to Federal
laws and Executive Orders, rules,
regulations, guidance, and PBGC
policies.
Documentation pertaining to
investigative or analytical efforts by
PBGC Insider Threat Program Personnel
to identify threats to PBGC personnel,
property, facilities, and information.
Intelligence reports and database
query results relating to individuals
covered by this system.
khammond on DSKBBV9HB2PROD with NOTICES
RECORD SOURCE CATEGORIES
To monitor for, identify, and respond
to potential insider threats, information
in the system will be received on an as
needed basis from PBGC employees,
contractors, vendors, interns, and
detailees; officials from other foreign,
federal, tribal, state, and local
government agencies and organizations;
non-government, commercial, public,
and private agencies and organizations;
VerDate Sep<11>2014
17:47 Jul 08, 2019
Jkt 247001
complainants, informants, suspects, and
witnesses; and from relevant records,
including counterintelligence and
security databases and files; personnel
security databases and files; PBGC
human resources databases and files;
PBGC contractor files; PBGC’s Office of
Information Technology; information
collected through user activity
monitoring; PBGC telephone usage
records; federal, state, tribal, territorial,
and local law enforcement and
investigatory records; Inspector General
records; available U.S. Government
intelligence and counterintelligence
reporting information and analytic
products pertaining to adversarial
threats; other Federal agencies; and
publicly available information.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES
Information about covered
individuals may be disclosed without
consent as permitted by the Privacy Act
of 1974, 5 U.S.C. 522a(b), and:
1. General Routine Uses G1 through
G14 apply to this system of records (see
Prefatory Statement of General Routine
Uses).
2. Records may be disclosed to any
person, organization, or governmental
entity in order to notify them of a
serious threat for the purpose of
guarding against or responding to the
threat.
3. Records may be disclosed to a
federal, state, or local agency, or other
appropriate entities or individuals, or
through established liaison channels to
selected foreign governments, in order
to enable the intelligence agency with
the relevant authority and responsibility
for the matter to carry out its
responsibilities under the National
Security Act of 1947 as amended, the
CIA act of 1949 as emended, Executive
Order 12333 or any successor order,
applicable national security directives,
or classified implementing procedures
approved by the Attorney General and
promulgated pursuant to such statutes,
orders or directives.
4. Records may be disclosed to the
U.S. Department of Homeland Security
(DHS) if captured in an intrusion
detection system used by PBGC and
DHS pursuant to a DHS cybersecurity
program that monitors internet traffic to
and from federal government computer
networks to prevent a variety of types of
cybersecurity incidents.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS
Records are maintained in electronic
form (including computer databases or
discs). Records may also be maintained
PO 00000
Frm 00090
Fmt 4703
Sfmt 4703
on back-up tapes, or on a PBGC or a
contractor-hosted network.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS
Information from this system may be
retrieved by numerous data elements
and key word searches, including, but
not limited to name, dates, subject, and
other information retrievable with full
text searching capability.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS
PBGC has established security and
privacy protocols that meet the required
security and privacy standards issued
by the National Institute of Standards
and Technology (NIST). Records are
maintained in a secure, password
protected electronic system that utilizes
security hardware and software to
include multiple firewalls, active
intruder detection, and role-based
access controls. PBGC has adopted
appropriate administrative, technical,
and physical controls in accordance
with PBGC’s security program to protect
the confidentiality, integrity, and
availability of the information, and to
ensure that records are not disclosed to
or accessed by unauthorized
individuals.
Electronic records are stored on
computer networks, which may include
cloud-based systems, and protected by
controlled access with Personal Identity
Verification (PIV) cards, assigning user
accounts to individuals needing access
to the records and by passwords set by
authorized users that must be changed
periodically.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS
The records in this system of records
are covered by National Archives and
Records Administration General
Records Schedule 5.6, items 210, 220,
230, and 240.
RECORD ACCESS PROCEDURES
Individuals, or third parties with
written authorization from the
individual, wishing to request access to
their records in accordance with 29 CFR
4902.4, should submit a written request
to the Disclosure Officer, PBGC, 1200 K
Street NW, Washington, DC 20005,
providing their name, address, date of
birth, and verification of their identity
in accordance with 29 CFR 4902.3(c).
CONTESTING RECORD PROCEDURES
Individuals, or third parties with
written authorization from the
individual, wishing to amend their
records must submit a written request
identifying the information they wish to
correct in their file, in addition to
E:\FR\FM\09JYN1.SGM
09JYN1
Federal Register / Vol. 84, No. 131 / Tuesday, July 9, 2019 / Notices
following the requirements of the
Record Access Procedure above.
NOTIFICATION PROCEDURES
Individuals, or third parties with
written authorization from the
individual, wishing to learn whether
this system of records contains
information about them should submit a
written request to the Disclosure Officer,
PBGC, 1200 K Street NW, Washington,
DC 20005, providing their name,
address, date of birth, and verification of
their identity in accordance with 29
CFR 4902.3(c).
EXEMPTIONS PROMULGATED FOR THE SYSTEM
Pursuant to 5 U.S.C. 552a(k)(2), PBGC
has established regulations at 29 CFR
4902.12 that exempt records in this
system depending on their purpose.
HISTORY
None.
[FR Doc. 2019–14605 Filed 7–8–19; 8:45 am]
BILLING CODE 7709–02–P
POSTAL REGULATORY COMMISSION
[Docket Nos. MC2019–159 and CP2019–179]
New Postal Products
Postal Regulatory Commission.
Notice.
AGENCY:
ACTION:
The Commission is noticing a
recent Postal Service filing for the
Commission’s consideration concerning
negotiated service agreements. This
notice informs the public of the filing,
invites public comment, and takes other
administrative steps.
DATES: Comments are due: July 11,
2019.
SUMMARY:
Submit comments
electronically via the Commission’s
Filing Online system at https://
www.prc.gov. Those who cannot submit
comments electronically should contact
the person identified in the FOR FURTHER
INFORMATION CONTACT section by
telephone for advice on filing
alternatives.
ADDRESSES:
FOR FURTHER INFORMATION CONTACT:
David A. Trissell, General Counsel, at
202–789–6820.
SUPPLEMENTARY INFORMATION:
khammond on DSKBBV9HB2PROD with NOTICES
Table of Contents
I. Introduction
II. Docketed Proceeding(s)
I. Introduction
The Commission gives notice that the
Postal Service filed request(s) for the
Commission to consider matters related
to negotiated service agreement(s). The
VerDate Sep<11>2014
17:47 Jul 08, 2019
Jkt 247001
request(s) may propose the addition or
removal of a negotiated service
agreement from the market dominant or
the competitive product list, or the
modification of an existing product
currently appearing on the market
dominant or the competitive product
list.
Section II identifies the docket
number(s) associated with each Postal
Service request, the title of each Postal
Service request, the request’s acceptance
date, and the authority cited by the
Postal Service for each request. For each
request, the Commission appoints an
officer of the Commission to represent
the interests of the general public in the
proceeding, pursuant to 39 U.S.C. 505
(Public Representative). Section II also
establishes comment deadline(s)
pertaining to each request.
The public portions of the Postal
Service’s request(s) can be accessed via
the Commission’s website (https://
www.prc.gov). Non-public portions of
the Postal Service’s request(s), if any,
can be accessed through compliance
with the requirements of 39 CFR
3007.301.1
The Commission invites comments on
whether the Postal Service’s request(s)
in the captioned docket(s) are consistent
with the policies of title 39. For
request(s) that the Postal Service states
concern market dominant product(s),
applicable statutory and regulatory
requirements include 39 U.S.C. 3622, 39
U.S.C. 3642, 39 CFR part 3010, and 39
CFR part 3020, subpart B. For request(s)
that the Postal Service states concern
competitive product(s), applicable
statutory and regulatory requirements
include 39 U.S.C. 3632, 39 U.S.C. 3633,
39 U.S.C. 3642, 39 CFR part 3015, and
39 CFR part 3020, subpart B. Comment
deadline(s) for each request appear in
section II.
II. Docketed Proceeding(s)
32789
This Notice will be published in the
Federal Register.
Ruth Ann Abrams,
Acting Secretary.
[FR Doc. 2019–14531 Filed 7–8–19; 8:45 am]
BILLING CODE 7710–FW–P
POSTAL SERVICE
Product Change—Priority Mail and
First-Class Package Service
Negotiated Service Agreement
Postal ServiceTM.
ACTION: Notice.
AGENCY:
The Postal Service gives
notice of filing a request with the Postal
Regulatory Commission to add a
domestic shipping services contract to
the list of Negotiated Service
Agreements in the Mail Classification
Schedule’s Competitive Products List.
DATES: Date of required notice: July 9,
2019.
SUMMARY:
FOR FURTHER INFORMATION CONTACT:
Elizabeth Reed, 202–268–3179.
The
United States Postal Service® hereby
gives notice that, pursuant to 39 U.S.C.
3642 and 3632(b)(3), on July 2, 2019, it
filed with the Postal Regulatory
Commission a USPS Request to Add
Priority Mail & First-Class Package
Service Contract 105 to Competitive
Product List. Documents are available at
www.prc.gov, Docket Nos. MC2019–159,
CP2019–179.
SUPPLEMENTARY INFORMATION:
Elizabeth Reed,
Attorney, Corporate and Postal Business Law.
[FR Doc. 2019–14495 Filed 7–8–19; 8:45 am]
BILLING CODE 7710–12–P
SECURITIES AND EXCHANGE
COMMISSION
[Release No. 34–86283; File No. SR–
CboeBZX–2019–059]
1. Docket No(s).: MC2019–159 and
CP2019–179; Filing Title: USPS Request
to Add Priority Mail & First-Class
Package Service Contract 105 to
Competitive Product List and Notice of
Filing Materials Under Seal; Filing
Acceptance Date: July 2, 2019; Filing
Authority: 39 U.S.C. 3642, 39 CFR
3020.30 et seq., and 39 CFR 3015.5;
Public Representative: Curtis E. Kidd;
Comments Due: July 11, 2019.
Self-Regulatory Organizations; Cboe
BZX Exchange, Inc.; Notice of Filing
and Immediate Effectiveness of a
Proposed Rule Change Relating To
Amend the Fee Schedule Applicable to
Members and Non-Members 1 of the
Exchange Pursuant to BZX Rules
15.1(a) and (c)
1 See Docket No. RM2018–3, Order Adopting
Final Rules Relating to Non-Public Information,
June 27, 2018, Attachment A at 19–22 (Order No.
4679).
1 A Member is defined as ‘‘any registered broker
or dealer that has been admitted to membership in
the Exchange.’’ See Exchange Rule 1.5(n).
2 15 U.S.C. 78s(b)(1).
PO 00000
Frm 00091
Fmt 4703
Sfmt 4703
July 2, 2019.
Pursuant to Section 19(b)(1) 2 of the
Securities Exchange Act of 1934 (the
E:\FR\FM\09JYN1.SGM
09JYN1
Agencies
[Federal Register Volume 84, Number 131 (Tuesday, July 9, 2019)]
[Notices]
[Pages 32786-32789]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-14605]
=======================================================================
-----------------------------------------------------------------------
PENSION BENEFIT GUARANTY CORPORATION
Privacy Act of 1974; System of Records
AGENCY: Pension Benefit Guaranty Corporation.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The Pension Benefit Guaranty Corporation (PBGC) is proposing
the following changes to its system of records notices to establish a
new system of records PBGC-26: PBGC Insider Threat and Data Loss
Prevention. The new system of records will cover records about
individuals,
[[Page 32787]]
retrieved by personal identifier, which are compiled and used by PBGC's
Insider Threat and Data Loss Prevention teams, to administer PBGC's
insider threat and data loss prevention programs. Because records in
this system include investigatory material compiled for law enforcement
purposes, elsewhere in this issue of the Federal Register PBGC has
published a final rule to exempt this system of records from certain
requirements of the Privacy Act. The system of records is more fully
described in in the SUPPLEMENTARY INFORMATION section of this notice
and in the System of Records Notice (SORN) published in this notice.
DATES: Comments must be received on or before August 8, 2019. The
system of records described herein will become effective July 9, 2019,
without further notice, unless comments result in a contrary
determination and a notice is published to that effect.
ADDRESSES: You may submit written comments to PBGC by any of the
following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the website instructions for submitting comments.
Email: [email protected]. Refer to SORN in the subject
line.
Mail or Hand Delivery: Regulatory Affairs Division, Office
of the General Counsel, Pension Benefit Guaranty Corporation, 1200 K
Street NW, Washington, DC 20005-4026.
All submissions must include the agency's name (Pension Benefit
Guaranty Corporation, or PBGC) and refer to ``SORN.'' All comments
received will be posted without change to PBGC's website, www.pbgc.gov,
including any personal information provided. Copies of comments may
also be obtained by writing to Disclosure Division, Office of the
General Counsel, Pension Benefit Guaranty Corporation, 1200 K Street
NW, Washington, DC 20005-4026, or calling 202-326-4040 during normal
business hours. (TTY users may call the Federal relay service toll-free
at 1-800-877-8339 and ask to be connected to 202-326-4040.)
FOR FURTHER INFORMATION CONTACT: Margaret Drake, Chief Privacy Officer,
Pension Benefit Guaranty Corporation, Office of the General Counsel,
1200 K Street NW, Washington, DC 20005, 202-326-4400, extension 6435.
For access to any of PBGC's system of records, contact D. Camilla
Perry, Disclosure Officer, Office of the General Counsel, Disclosure
Division, 1200 K Street NW, Washington DC 20005, or by calling 202-326-
4040.
SUPPLEMENTARY INFORMATION: PBGC is proposing to establish a new system
of records titled, ``PBGC-26, PBGC Insider Threat and Data Loss
Prevention--PBGC.'' Executive Order 13587, issued on October 7, 2011,
mandated that agencies with classified networks establish insider
threat programs. While PBGC does not have any classified networks, it
does maintain a significant amount of Controlled Unclassified
Information (CUI) that, under law, it is required to safeguard from
unauthorized access or disclosure. One method utilized by PBGC to
ensure that only those with a need-to-know have access to CUI is a set
of tools to minimize data loss, whether inadvertent or intentional.
Working from the Minimum Standards set forth in the Presidential
Memorandum--National Insider Threat Policy and Minimum Standards for
Executive Branch Insider Threat Programs (Nov. 21, 2012), PBGC is also
establishing an Insider Threat Program. While PBGC is not legally
mandated to deploy an insider threat program, the principles developed
by the National Institute of Standards and Technology and the National
Insider Threat Task Force ``can also be employed effectively to improve
the security of Controlled Unclassified Information in non-national
security systems.'' An ``insider'' is any individual authorized to
access PBGC facilities, information, equipment, and systems. This
includes Federal employees and contractors. An ``insider threat''
occurs when that individual exceeds their authorized access,
intentionally or not, or uses information for an improper purpose,
including, but not limited to, personal gain, which ``negatively
affect[s] the confidentiality, integrity, or availability'' of PBGC
data.
The records that PBGC will compile to administer its data loss
prevention and insider threat programs may be from any PBGC program,
record, or source, and may contain records pertaining to information
security, personnel security, or physical security. The records covered
under PBGC-26,PBGC Insider Threat and Data Loss Prevention--PBGC,
include investigatory material compiled for law enforcement purposes.
Accordingly, PBGC has published a Final Rule in the Federal Register to
exempt such material in the new system or record from certain
requirements under the Privacy Act of 1974 (5 U.S.C. 552a), based on
subsection (k)(2) of the Act.
The collection and maintenance of these records is new. The
implementation of this new system of records will be effective on July
9, 2019.
Issued in Washington, DC.
Gordon Hartogensis,
Director, Pension Benefit Guaranty Corporation.
SYSTEM NAME AND NUMBER
PBGC--26: PBGC Insider Threat and Data Loss Prevention--PBGC
Security Classification
Unclassified
System Location
Pension Benefit Guaranty Corporation (PBGC), 1200 K Street NW,
Washington, DC 20005. (Records may be kept at an additional location as
backup for continuity of operations.)
System Manager(s) and Address
Chief Information Officer, Office of Information Technology, PBGC,
1200 K Street NW, Washington, DC 20005.
Authority for Maintenance of the System
29 U.S.C. 1302(b)(3); 5 U.S.C. 301; 44 U.S.C. 3101; 44 U.S.C. 3554;
Executive Order 13587, Structural Reforms To Improve the Security of
Classified Networks and the Responsible Sharing and Safeguarding of
Classified Information (Oct. 7, 2011); Presidential Memorandum--
National Insider Threat Policy and Minimum Standards for Executive
Branch Insider Threat Programs (Nov. 21, 2012); Executive Orders 13488
and 13467, as amended by 13764, To Modernize the Executive Branch-Wide
Governance Structure and Processes for Security Clearances, Suitability
and Fitness for Employment, and Credentialing, and Related Matters;
Executive Order 3356, Controlled Unclassified Information (Nov. 4,
2010); 5 CFR part 731; 5 CFR part 302; OMB Circular A-130 (July 28,
2016); National Institute of Standards and Technology Special
Publication 800-53.
Purpose(s) of the System
The purpose of the system is to detect anomalous behavior by PBGC
insiders and, as warranted, gather information from sources or existing
PBGC systems of records to support an investigation of the incident.
Categories of Individuals Covered by the System
The categories of individuals covered by this system are PBGC
insiders, defined as any person with authorized access to any PBGC
resource including facilities, information, equipment, networks, or
systems.
Categories of Records in the System
A. The System Will Contain These Categories of Records
Information collected through user activity monitoring, including
[[Page 32788]]
keystrokes, screen captures, and content transmitted via email, chat,
or data import or export.
Reports of investigation regarding security violations and privacy
breaches, including incident reports; usernames and aliases, levels of
network access, audit data, information regarding misuse of PBGC
devices, information regarding unauthorized use of removable media, and
logs of printer, copier, and facsimile machine use.
Records relating to the management and operation of PBGC personnel
and physical security, including information relating to continued
eligibility for access to PBGC facilities, information, and information
systems.
Information identifying threats to PBGC personnel, property,
facilities, and information; information obtained from the Department
of Justice, the Federal Bureau of Investigation, or from other agencies
or organizations about individuals known or suspected of being engaged
in conduct constituting, preparing for, aiding, or relating to an
insider threat, including espionage or unauthorized disclosure of
personally identifiable information (PII).
B. The System May Include These Categories of Records
Publicly available information, such as information regarding:
Arrests and detentions; real property; bankruptcy; liens or holds on
property; vehicles; licensure (including professional and pilot's
licenses, firearms and explosive permits); business licenses and
filings; and from social media.
Reports furnished to the PBGC, or collected by PBGC, in connection
with personnel security investigations and Insider Threat Detection
Program operated by PBGC pursuant to Federal laws and Executive Orders,
rules, regulations, guidance, and PBGC policies.
Documentation pertaining to investigative or analytical efforts by
PBGC Insider Threat Program Personnel to identify threats to PBGC
personnel, property, facilities, and information.
Intelligence reports and database query results relating to
individuals covered by this system.
Record Source Categories
To monitor for, identify, and respond to potential insider threats,
information in the system will be received on an as needed basis from
PBGC employees, contractors, vendors, interns, and detailees; officials
from other foreign, federal, tribal, state, and local government
agencies and organizations; non-government, commercial, public, and
private agencies and organizations; complainants, informants, suspects,
and witnesses; and from relevant records, including counterintelligence
and security databases and files; personnel security databases and
files; PBGC human resources databases and files; PBGC contractor files;
PBGC's Office of Information Technology; information collected through
user activity monitoring; PBGC telephone usage records; federal, state,
tribal, territorial, and local law enforcement and investigatory
records; Inspector General records; available U.S. Government
intelligence and counterintelligence reporting information and analytic
products pertaining to adversarial threats; other Federal agencies; and
publicly available information.
Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses
Information about covered individuals may be disclosed without
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 522a(b), and:
1. General Routine Uses G1 through G14 apply to this system of
records (see Prefatory Statement of General Routine Uses).
2. Records may be disclosed to any person, organization, or
governmental entity in order to notify them of a serious threat for the
purpose of guarding against or responding to the threat.
3. Records may be disclosed to a federal, state, or local agency,
or other appropriate entities or individuals, or through established
liaison channels to selected foreign governments, in order to enable
the intelligence agency with the relevant authority and responsibility
for the matter to carry out its responsibilities under the National
Security Act of 1947 as amended, the CIA act of 1949 as emended,
Executive Order 12333 or any successor order, applicable national
security directives, or classified implementing procedures approved by
the Attorney General and promulgated pursuant to such statutes, orders
or directives.
4. Records may be disclosed to the U.S. Department of Homeland
Security (DHS) if captured in an intrusion detection system used by
PBGC and DHS pursuant to a DHS cybersecurity program that monitors
internet traffic to and from federal government computer networks to
prevent a variety of types of cybersecurity incidents.
Policies and Practices for Storage of Records
Records are maintained in electronic form (including computer
databases or discs). Records may also be maintained on back-up tapes,
or on a PBGC or a contractor-hosted network.
Policies and Practices for Retrieval of Records
Information from this system may be retrieved by numerous data
elements and key word searches, including, but not limited to name,
dates, subject, and other information retrievable with full text
searching capability.
Administrative, Technical, and Physical Safeguards
PBGC has established security and privacy protocols that meet the
required security and privacy standards issued by the National
Institute of Standards and Technology (NIST). Records are maintained in
a secure, password protected electronic system that utilizes security
hardware and software to include multiple firewalls, active intruder
detection, and role-based access controls. PBGC has adopted appropriate
administrative, technical, and physical controls in accordance with
PBGC's security program to protect the confidentiality, integrity, and
availability of the information, and to ensure that records are not
disclosed to or accessed by unauthorized individuals.
Electronic records are stored on computer networks, which may
include cloud-based systems, and protected by controlled access with
Personal Identity Verification (PIV) cards, assigning user accounts to
individuals needing access to the records and by passwords set by
authorized users that must be changed periodically.
Policies and Practices for Retention and Disposal of Records
The records in this system of records are covered by National
Archives and Records Administration General Records Schedule 5.6, items
210, 220, 230, and 240.
Record Access Procedures
Individuals, or third parties with written authorization from the
individual, wishing to request access to their records in accordance
with 29 CFR 4902.4, should submit a written request to the Disclosure
Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their
name, address, date of birth, and verification of their identity in
accordance with 29 CFR 4902.3(c).
Contesting Record Procedures
Individuals, or third parties with written authorization from the
individual, wishing to amend their records must submit a written
request identifying the information they wish to correct in their file,
in addition to
[[Page 32789]]
following the requirements of the Record Access Procedure above.
Notification Procedures
Individuals, or third parties with written authorization from the
individual, wishing to learn whether this system of records contains
information about them should submit a written request to the
Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005,
providing their name, address, date of birth, and verification of their
identity in accordance with 29 CFR 4902.3(c).
Exemptions Promulgated for the System
Pursuant to 5 U.S.C. 552a(k)(2), PBGC has established regulations
at 29 CFR 4902.12 that exempt records in this system depending on their
purpose.
History
None.
[FR Doc. 2019-14605 Filed 7-8-19; 8:45 am]
BILLING CODE 7709-02-P